package com.aaa.security;

import com.aaa.jwt.JwtAuthenticationFilter;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import javax.annotation.Resource;

/**
 * @ClassName: SecurityConfiger
 * @Description: TODO
 * @Author: 86139
 * @Date: 2021/7/28 17:30
 * @Version:1.0
 **/
@Configuration
@EnableWebSecurity
//启动权限的注解配置 ：启动全局方法
//@EnableGlobalMethodSecurity(prePostEnabled = true)
//@EnableGlobalMethodSecurity(securedEnabled = true)
//@EnableGlobalMethodSecurity(jsr250Enabled = true)
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfiger extends WebSecurityConfigurerAdapter {
    @Resource
    AuthFailHandler authFailHandler;
    @Resource
    A a;
    @Resource
    B b;
    @Resource
    Chenggong chenggong;
    @Resource
    JwtAuthenticationFilter jwtAuthenticationFilter;
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.formLogin()
                .loginProcessingUrl("/login")//                form提交地址
                .passwordParameter("pwd")
//                .defaultSuccessUrl("/index.html")//                成功后跳转的地址
                .usernameParameter("username")//                失败后的地址
                .failureHandler(authFailHandler)
                .successHandler(chenggong)
                .permitAll()//                上面的请求都允许
// -----------------------下面的意思是所有请求都要授权才能
                .and()
                .authorizeRequests()//                授权请求
                .anyRequest()
                .access("@rbacConfig.hasPermission(authentication,request)")
//                .antMatchers("/**")//               匹配
//                .permitAll()//                通过请求
//                .anyRequest()//                所有请求
//                .authenticated()//                需要认证
                .and()
                .exceptionHandling()//                异常处理器
                .accessDeniedHandler(a)//                配置访问被拒绝的出路器:认证成功后没有权限发生的错误
                .authenticationEntryPoint(b)//                认证出口：没有认证发生的错误
                .and()
                .cors()
                .and()
                .csrf().disable();
        http.addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);

    }

    @Resource
    AuthUserConfigure authUserConfigure;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
//        auth.inMemoryAuthentication().passwordEncoder(new PasswordEncoderConfig())
//                .withUser("123").password("123aaa").roles("admin");
        auth.userDetailsService(authUserConfigure).passwordEncoder(new BCryptPasswordEncoder());
    }
}
